Oracle JHeadstart Developer's Guide - Downloads - Oracle
Oracle JHeadstart Developer's Guide - Downloads - Oracle
Oracle JHeadstart Developer's Guide - Downloads - Oracle
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
10.3. Using JAAS-JAZN for Authentication<br />
10.3.1. Login Page and Login Bean<br />
10.3.2. Logout Button and Logout Bean<br />
When you run the <strong>JHeadstart</strong> Application Generator with service-level property<br />
Authentication Type set to “JAAS”, the following happens:<br />
• A login page and associated login bean is generated.<br />
• A logout button and logout bean is generated.<br />
• J2EE security is set up in the web.xml.<br />
• Default users and roles are defined in jazn-data.xml.<br />
These actions are discussed below in more detail.<br />
An ADF Faces login page is generated in /security/pages subdirectory under the<br />
html root directory. This file is generated through the<br />
default/misc/file/fileGenerator.vm template, which in turn uses<br />
default/misc/file/loginPage.vm template. The login page is only generated<br />
when it does not exist yet, so you can customize the generated login page without<br />
loosing these changes when regenerating.<br />
When clicking the login button on the login page, the authenticateUser method of<br />
the generic oracle.jheadstart.controller.jsf.bean.LoginBean class is<br />
called. This bean is configured in JhsCommonBeans.xml. In case of JAAS authentication,<br />
this method redirects to a J2EE login form which autosubmits itself, and is therefore not<br />
visible to the user. The J2EE login form contains the required form action<br />
j_security_check, and fields j_username and j_password, filled with the values<br />
as entered in the ADF Faces login page, to trigger the J2EE container-managed security.<br />
Using this “redirect” technique, we are able to use a normal JSF page as login page, so<br />
you can apply the same ADF Faces look and feel as used by your other application<br />
pages, and you can use ADF drag and drop data binding should you want to add<br />
dynamic data to the login page, like news items read from a database table.<br />
The generated login page contains two “fast login” links for users SKING and<br />
AHUNOLD, the two sample users that are created in the jazn-data.xml file.<br />
Using the /default/misc/file/menuGlobal.vm template, called from the<br />
default/misc/file/fileGenerator.vm template, a logout button is generated in the global<br />
buttons area. When clicking the logout button, the logout method of the generic<br />
oracle.jheadstart.controller.jsf.bean.LogoutBean class is called. This<br />
bean is configured in JhsCommonBeans.xml. In this method, the session is invalidated<br />
and a redirect to the logout destination URL is performed, which defaults to “/”. By<br />
using the slash, the web container will launch the index.jsp page that <strong>JHeadstart</strong><br />
generated in the HTML root directory. The index.jsp page redirects to the generated<br />
home page, causing the login page to appear first again, but you are free to change the<br />
redirect destination in the index.jsp page.<br />
<strong>JHeadstart</strong> Developer’s <strong>Guide</strong> Application Security 10- 11